diff options
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 1aa0324b15..ec1e69a8bb 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.121 2021/10/23 13:36:03 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.122 2021/10/23 14:40:54 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -837,19 +837,19 @@ ssl3_get_client_hello(SSL *s) | |||
| 837 | * (may differ: see RFC 2246, Appendix E, second paragraph) | 837 | * (may differ: see RFC 2246, Appendix E, second paragraph) |
| 838 | */ | 838 | */ |
| 839 | if (!ssl_max_shared_version(s, client_version, &shared_version)) { | 839 | if (!ssl_max_shared_version(s, client_version, &shared_version)) { |
| 840 | if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && | 840 | if ((client_version >> 8) == SSL3_VERSION_MAJOR && |
| 841 | !tls12_record_layer_write_protected(s->internal->rl)) { | 841 | !tls12_record_layer_write_protected(s->internal->rl)) { |
| 842 | /* | 842 | /* |
| 843 | * Similar to ssl3_get_record, send alert using remote | 843 | * Similar to ssl3_get_record, send alert using remote |
| 844 | * version number. | 844 | * version number. |
| 845 | */ | 845 | */ |
| 846 | s->version = s->client_version; | 846 | s->version = client_version; |
| 847 | } | 847 | } |
| 848 | SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); | 848 | SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); |
| 849 | al = SSL_AD_PROTOCOL_VERSION; | 849 | al = SSL_AD_PROTOCOL_VERSION; |
| 850 | goto fatal_err; | 850 | goto fatal_err; |
| 851 | } | 851 | } |
| 852 | s->client_version = client_version; | 852 | S3I(s)->hs.peer_legacy_version = client_version; |
| 853 | s->version = shared_version; | 853 | s->version = shared_version; |
| 854 | 854 | ||
| 855 | S3I(s)->hs.negotiated_tls_version = ssl_tls_version(shared_version); | 855 | S3I(s)->hs.negotiated_tls_version = ssl_tls_version(shared_version); |
| @@ -1723,9 +1723,8 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) | |||
| 1723 | 1723 | ||
| 1724 | arc4random_buf(fakekey, sizeof(fakekey)); | 1724 | arc4random_buf(fakekey, sizeof(fakekey)); |
| 1725 | 1725 | ||
| 1726 | /* XXX - peer max protocol version. */ | 1726 | fakekey[0] = S3I(s)->hs.peer_legacy_version >> 8; |
| 1727 | fakekey[0] = s->client_version >> 8; | 1727 | fakekey[1] = S3I(s)->hs.peer_legacy_version & 0xff; |
| 1728 | fakekey[1] = s->client_version & 0xff; | ||
| 1729 | 1728 | ||
| 1730 | pkey = s->cert->pkeys[SSL_PKEY_RSA].privatekey; | 1729 | pkey = s->cert->pkeys[SSL_PKEY_RSA].privatekey; |
| 1731 | if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || | 1730 | if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || |
| @@ -1760,9 +1759,8 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) | |||
| 1760 | /* SSLerror(s, SSL_R_BAD_RSA_DECRYPT); */ | 1759 | /* SSLerror(s, SSL_R_BAD_RSA_DECRYPT); */ |
| 1761 | } | 1760 | } |
| 1762 | 1761 | ||
| 1763 | /* XXX - peer max version. */ | 1762 | if ((al == -1) && !((pms[0] == (S3I(s)->hs.peer_legacy_version >> 8)) && |
| 1764 | if ((al == -1) && !((pms[0] == (s->client_version >> 8)) && | 1763 | (pms[1] == (S3I(s)->hs.peer_legacy_version & 0xff)))) { |
| 1765 | (pms[1] == (s->client_version & 0xff)))) { | ||
| 1766 | /* | 1764 | /* |
| 1767 | * The premaster secret must contain the same version number | 1765 | * The premaster secret must contain the same version number |
| 1768 | * as the ClientHello to detect version rollback attacks | 1766 | * as the ClientHello to detect version rollback attacks |